Privacy Policy

Last Updated: October 2, 2025

1. Introduction

1.1 Purpose

This Privacy Policy describes how InOut App ("we", "us", "our") collects, uses, protects, and shares your personal information when you use our loyalty platform services, including our mobile application and website.

1.2 Data Controller

The entity responsible for your data ("Data Controller") depends on your location:

  • For Users in Qatar: [Insert Your QFC Company Name], [Insert Your QFC Address], Doha, Qatar.
  • For Users Rest of World: INOUT APP PTY LTD, 24A Northcote Road, Greenacre NSW 2190, Australia.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

Contact Information

  • Full name
  • Email address
  • Phone number
  • Postal address

Account Information

  • Username and password
  • Profile picture
  • Preferences and settings

Location Information

  • Precise location (collected only with your explicit consent)
  • General geographic region
  • Check-in location data for verification and fraud prevention

Transaction and Loyalty Data

  • Purchase history and receipts uploaded
  • Points accumulated and rewards redeemed
  • Interactions with businesses

2.2 Automatically Collected Information

Device & Usage Data

  • Device type, model, and operating system
  • IP address and unique device identifiers
  • App usage patterns and technical logs for security
  • Device integrity information for fraud prevention (e.g., GPS spoofing detection)

3. Legal Basis and Use of Information

We process your personal data only where we have a legal basis to do so, as required by the QFC Data Protection Regulations:

Purpose Legal Basis
Loyalty Program Management (Earning points, redeeming rewards) Performance of a Contract: We cannot provide the service without processing this data.
Marketing & Push Notifications Consent: You explicitly agree to receive offers. You may withdraw this at any time.
Precise Location Verification Consent: Required to verify your physical presence at a merchant.
Fraud Prevention Legitimate Interests: Protecting our system and partners from abuse.

3.2 Communication

We may contact you via:

  • Email, SMS, or In-app messages (for service updates)
  • Push notifications (based on your device settings)

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We may share data with:

  • Cloud hosting providers (e.g., AWS, Google Cloud)
  • Analytics services
  • Merchants (limited data for transaction validation only)

4.2 Legal Requirements

We may disclose information to comply with legal obligations, protect our rights, or respond to valid government requests.

5. Your Rights (User Controls)

Under QFC Data Protection Regulations, you have specific rights regarding your data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data if no longer needed.
  • Right to Restriction: Request that we "pause" processing your data during disputes.
  • Right to Data Portability: Request your data in a structured, machine-readable format (e.g., CSV).
  • Right to Object: You have the absolute right to object to direct marketing at any time.

To exercise these rights, contact us at support@inoutapp.io.

6. Data Retention

We retain your data only as long as necessary:

  • Active Accounts: Retained while you use the app to maintain points.
  • Transaction Records: Retained for 6 years for tax/audit compliance.
  • Location Data: Deleted or anonymized immediately after verification.
  • Inactive Accounts: Deleted after a period of prolonged inactivity (e.g., 2 years).

7. International Data Transfers

We may transfer your data to servers outside the Qatar Financial Centre (e.g., to cloud providers in the US or EU). We ensure these transfers are protected by:

  • Transferring to jurisdictions with an Adequate Level of Protection; or
  • Using Standard Contractual Clauses approved by the QFC Data Protection Office.

8. Data Security & Breach Notification

  • We use encryption (in-transit and at-rest) and strict access controls.
  • In the event of a high-risk data breach, we will notify the QFC Data Protection Office within 72 hours and inform affected users without undue delay.

9. Children's Privacy

  • Services are not intended for users under 18.
  • We do not knowingly collect minors' data and will delete it if discovered.

10. Contact & Complaints

For privacy inquiries or to lodge a complaint:

  • Email: support@inoutapp.io
  • Address (Qatar): [Insert Your QFC Registered Address]
  • Address (Australia): 24A Northcote Road, Greenacre NSW 2190, Australia

10.1 Regulatory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated:

  • For users in the QFC/Qatar: You may contact the QFC Data Protection Office.
  • For users in the EU/EEA: You may contact your local Data Protection Authority (DPA) in your country of residence.

11. Acknowledgment

By using our Services, you acknowledge that you have read and understood this Privacy Policy.